Why is it that every time I disassemble the same .exe file, the same instruction is at the same address? And what address is that (RAM? HDD? Virtual?)?

+1  A: 

The basic idea is that, to allow portability of programs and to allow different programs to run on the same system without clashing, what you are seeing basically amounts to relative addresses which the OS translates to real addresses when the program is run.

The reason you need to have addresses at all is for instructions that reference addresses of other instructions such as jumps.

danben
I can't see how this has anything to do with the addresses being virtual. The OS loader changes the function addresses based on the image load-location in memory, regardless of how the addresses are resolved (virtually or not).
Ofek Shilon
That's true; I think I was mixing up concepts. Edited my answer to remove that part.
danben
A: 

There is no reason. It's just how the executable/linking format on that O/S decided to work. Every architecture is different; for instance, even on x86 and x64, executables can be loaded at a randomized virtual address, or at the same one every time. The disassembler will either give the offset in the file, or a virtual address, which is just the base address decided at runtime + the file offset, and possibly a section offset. This is highly architecture dependent, so I can't really give a concrete answer...

Longpoke
The fact that there are different ways to do something does not at all imply that there is no reason.
danben
@danben: on x86, data always gets the same virtual address because instructions directly point to those VAs; it is more convenient to do it this way in x86, so that's how it's done. However, for libraries, the virtual address must be relocatable or else you're going to get clashes. On x64, it's just as easy to reference relative addresses. So there **is no reason** to use direct addressing and thus the same VA every run; it's just done because that's how the developers felt like doing it... although all the cool kids these days use ASLR, so there isn't as much static VA base as before.
Longpoke
My only point is that you have to do *something* in order to avoid clashes / improve security, which is, I believe, the answer to the OP's question - I don't think he was asking about the merits of one technique over another.
danben
@danben, he asked why the code loads to the same (not different) address every time.
Longpoke
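
Added example, not part of the original thread: for a Windows PE file, the address a static disassembler prints can be recomputed from the headers as preferred image base + section RVA + offset within the section, which is why it is identical on every disassembly. The function names and the header skeleton below are constructed for illustration; when the ASLR flag is set, the loader may pick a different base at run time than the preferred one read here.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR

def parse_pe(data):
    """Return (preferred image base, ASLR flag, [(name, rva, raw_ptr, raw_size)])."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew in the DOS header
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                      # PE32: 32-bit ImageBase
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                    # PE32+: 64-bit ImageBase
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsect):                                  # 40-byte section headers
        name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), rva, raw_ptr, raw_size))
    return base, bool(dll_chars & DYNAMIC_BASE), sections

def file_offset_to_va(data, offset):
    """Address a static disassembler shows: preferred base + section RVA + delta."""
    base, _aslr, sections = parse_pe(data)
    for _name, rva, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return base + rva + (offset - raw_ptr)
    raise ValueError("offset is not inside any section's raw data")

def build_sample_pe():
    """Constructed PE32 skeleton: base 0x400000, .text at RVA 0x1000, file 0x200."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                 # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x44, 0x14C, 1)            # i386, one section
    struct.pack_into("<H", buf, 0x54, 0xE0)                 # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<I", buf, 0x58 + 28, 0x400000)        # ImageBase
    struct.pack_into("<8sIIII", buf, 0x58 + 0xE0, b".text", 0x200, 0x1000, 0x200, 0x200)
    return bytes(buf)
```

Calling `file_offset_to_va(build_sample_pe(), 0x210)` returns `0x401010`; the same function works on the bytes of a real .exe read from disk.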